This patch by Brendan O'Dea.

  The /dev/dri directory is created with a mode that is derived from the
  "Mode" entry in the "DRI" section, which dexconf creates as 666.

  Ethan Benson noted that this results in a world writable directory on
  the root filesystem which is undesirable.

  Given that the only things in that directory are character devices which
  require root permission to create, the directory permissions need not
  follow the Mode required for the devices but may be root:root 755.

--- XFree86-4.1.0/xc/programs/Xserver/hw/xfree86/os-support/linux/drm/xf86drm.c.orig	Thu Aug 30 19:58:24 2001
+++ XFree86-4.1.0/xc/programs/Xserver/hw/xfree86/os-support/linux/drm/xf86drm.c	Thu Aug 30 19:59:20 2001
@@ -174,7 +174,6 @@
     stat_t          st;
     char            buf[64];
     int             fd;
-    mode_t          dirmode = DRM_DEV_DIRMODE;
     mode_t          devmode = DRM_DEV_MODE;
     int             isroot  = !geteuid();
 #if defined(XFree86Server)
@@ -184,23 +183,16 @@
 
 #if defined(XFree86Server)
     devmode  = xf86ConfigDRI.mode ? xf86ConfigDRI.mode : DRM_DEV_MODE;
-    dirmode  = (devmode & S_IRUSR) ? S_IXUSR : 0;
-    dirmode |= (devmode & S_IRGRP) ? S_IXGRP : 0;
-    dirmode |= (devmode & S_IROTH) ? S_IXOTH : 0;
-    dirmode |= devmode;
     devmode &= ~(S_IXUSR|S_IXGRP|S_IXOTH);
     group = (xf86ConfigDRI.group >= 0) ? xf86ConfigDRI.group : DRM_DEV_GID;
 #endif
 
     if (stat(DRM_DIR_NAME, &st)) {
 	if (!isroot) return DRM_ERR_NOT_ROOT;
-	remove(DRM_DIR_NAME);
-	mkdir(DRM_DIR_NAME, dirmode);
+	mkdir(DRM_DIR_NAME, 0755);
+	chown(DRM_DIR_NAME, 0, 0); /* root:root */
+	chmod(DRM_DIR_NAME, 0755);
     }
-#if defined(XFree86Server)
-    chown(DRM_DIR_NAME, user, group);
-    chmod(DRM_DIR_NAME, dirmode);
-#endif
 
     sprintf(buf, DRM_DEV_NAME, DRM_DIR_NAME, minor);
     if (stat(buf, &st) || st.st_rdev != dev) {